Welcome to Laser Pointer Forums - discuss green laser pointers, blue laser pointers, and all types of lasers

A junkbox for DIYers

Joined: Nov 22, 2010 | Messages: 239 | Points: 28
Hey guess what guys...

I implemented user accounts! Now you don't have to confirm every post, and you can edit/delete your posts just by visiting them :-D

The Junkbox! - Register
Joined: Aug 5, 2011 | Messages: 185 | Points: 0
Just a heads up:

Your site has a few security issues:

The photos directory is not secured, the file listing can be seen, and there I see:

adminEdit.php

which tells me:

Warning: include_once(admin/config.php)

which tells me there is an admin directory,

which brings me to:

http://www.junkbox.org/admin/categories.php

which gives me some info I should not have:

dbconnection is in /inc_dbcon.php?
include_path='.:/usr/lib/php:/usr/local/lib/php
mysql user: 'teravolt'

which brings me to:

Name             Tab Order  Description
Passives         10         This category is for things like wire, capacitors, resistors, transformers and inductors
Silicon          20         This category is for things such as diodes, transistors, mosfets, igbts and ics
Digital          30         This category is for digital electronics, including sensors, micro-controllers, robotics and other related stuff.
Radio            40         Everything radio related ought to be put here, including vacuum tubes and radio-control stuff
Audio            45         Amplifiers, speakers... anything audio related goes here
Light            50         Led, laser, x-ray, optics and other radiation will find a nice home in this category
Junk             60         Old circuit boards, computer parts, hardware and boxes of assorted junk are welcome in this category.
Tools            100        Oscilloscopes, multimeters, soldering irons, dremels: anything tool related should go in this category.
Misc             190        Heatsinks, bussbars, motors: whatever doesn't fit anywhere else can go here
Barter / Wanted  200        Here you may trade, barter or advertise your service.

I will leave it at this; I'm sure if I go poking around in there, I'll find more...

Also, VERY IMPORTANT:

$_GET['q'] is not properly sanitized!!!


Thx

Sam ;)
Joined: Nov 22, 2010 | Messages: 239 | Points: 28
adminEdit.php should not have been there, and has been deleted.
categories.php has also been deleted.

Basically it's just me forgetting to delete old files. That's fixed.

All inputs are sanitized, including Q. Although it looks like this MySQL query made it through, by checking the source code you'll find that special chars have been turned into their HTML-safe counterparts.

The junkbox with an SQL attack

filter_input(INPUT_GET, 'q', FILTER_SANITIZE_STRING)
 




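As an added example that is not the Junkbox's own code: a search handler for the `q` parameter that passes the term to the database as a bound prepared-statement parameter and applies HTML escaping only when rendering output. The `parts` table, its sample rows and the `searchParts`/`renderResults` names are assumptions for the demo; it uses an in-memory SQLite database through PDO (pdo_sqlite assumed available) so it runs stand-alone.

```php
<?php
// Added example, not the Junkbox's code. Schema and rows below are constructed for the demo.
declare(strict_types=1);

function openDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE parts (id INTEGER PRIMARY KEY, name TEXT, category TEXT)');
    $ins = $db->prepare('INSERT INTO parts (name, category) VALUES (?, ?)');
    $rows = [["10uF capacitor", "Passives"], ["O'Brien relay", "Misc"], ["IRF540 mosfet", "Silicon"]];
    foreach ($rows as $row) {
        $ins->execute($row);
    }
    return $db;
}

// The user-supplied term never becomes part of the SQL text: it is sent as a bound
// parameter, so quotes, semicolons or comment markers in it are data to the database.
function searchParts(PDO $db, string $term): array {
    $sql = "SELECT name, category FROM parts WHERE name LIKE :pattern ESCAPE '\\' ORDER BY name";
    $stmt = $db->prepare($sql);
    // Escape LIKE wildcards so a search for "%" or "_" does not match every row.
    $pattern = '%' . addcslashes($term, '%_\\') . '%';
    $stmt->execute([':pattern' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HTML escaping belongs at output time. FILTER_SANITIZE_STRING (deprecated since PHP 8.1)
// strips tags and HTML-encodes quotes; that protects the rendered page, not a query
// assembled by string concatenation, which is why the SQL layer binds parameters instead.
function renderResults(string $term, array $rows): string {
    $html = '<p>Results for ' . htmlspecialchars($term, ENT_QUOTES, 'UTF-8') . ':</p><ul>';
    foreach ($rows as $row) {
        $html .= '<li>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')
               . ' (' . htmlspecialchars($row['category'], ENT_QUOTES, 'UTF-8') . ')</li>';
    }
    return $html . '</ul>';
}

$db = openDemoDb();
// Stand-in for filter_input(INPUT_GET, 'q', ...): use the request value when present,
// otherwise a constructed term containing an apostrophe to show it is handled as plain data.
$term = (string) ($_GET['q'] ?? "O'Brien");
echo renderResults($term, searchParts($db, $term)), PHP_EOL;
```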